JP2017503253A - Authentication system and method using QR code - Google Patents

Abstract

The present invention relates to a user authentication system and method corresponding to financial transactions such as login, settlement, and account transfer. The present invention displays a QR code (Quick Response Cord; QR Code) including authentication information on a user's computer terminal, scans the QR code using a smart device such as a smartphone, and is included in the QR code. An authentication system using a QR code that authenticates with a scanned QR code connected to a QR authentication server and a method thereof are provided. [Selection] Figure 1

Description

  The present invention relates to a user authentication system and method corresponding to a financial transaction such as login, settlement, securities transaction, and account transfer, and more specifically, a QR code (Quick Response cord) including authentication information at the time of online authentication. QR Code (registered trademark) is displayed on the user's computer terminal, the QR code is scanned using a smart device such as a smartphone, and the QR code information of the scanned QR code is transmitted to the QR authentication server for authentication. The present invention relates to an authentication system using a code and a method thereof.

  With the spread and generalization of the Internet, various services have become available via the Internet. Services include online banking such as product purchases and direct debits, and information provision services. People who want to receive such services register their important information in a system that provides the services. Or enter each time you use the service.

  In this way, using the point that you have to enter or register your important information to receive Internet services, hackers hacked and leaked personal important information, It is used to cause mental and financial damage to the person.

  In order to prevent such leakage of personal information, an ID / Password login method that assigns unique user identification information (ID) and password to each user and performs authentication using the ID and password, unique to each individual Various authentication methods have been developed and applied, such as electronic certificates that are generated and issued, and one-time passwords (OTP) that generate random one-time random numbers for authentication. Has been.

  However, along with the application of such an authentication method, hackers are continuously developing hacking programs or malware corresponding thereto, and leaking personal information of Internet users.

  Accordingly, there is a continuing demand for the development of an authentication method that can protect personal information more strongly. As one of such authentication methods, a barcode or QR code is generated by an authentication server and displayed on a user's computer, and after scanning the barcode or QR code with a smartphone, authentication is performed via the authentication server. Patent Document 1 (hereinafter referred to as “prior patent”) is registered and applied.

  However, the prior patent also has a risk that the barcode and the QR code are leaked, and there is a risk that personal information may be leaked if exposed.

  In addition, the conventional authentication method and the above-mentioned prior patent cannot prevent memory hacking because hackers cannot cope with memory hacking that changes account information and amount at the time of account transfer using hacking program and malware. There is a problem.

Korean Registered Patent No. 10-1245105 [Authentication System and Method Using Smartphone]

  Accordingly, an object of the present invention is to display a QR code (Quick Response Cord) including authentication information on a user's computer terminal during online authentication, and scan the QR code using a smart device such as a smartphone. Accordingly, an object of the present invention is to provide an authentication system using a QR code and a method for performing the authentication by transmitting QR code information of the scanned QR code to a QR authentication server.

  In order to achieve the above object, an authentication system using a QR code according to the present invention is authenticated by transmitting a QR code authentication request signal including user identification information for a user and at least authentication method selection information for selecting QR code authentication. A computer terminal that makes a request and displays a QR code image received in response to the authentication request; and a portable authentication terminal that scans the QR code image and transmits QR code information included in the QR code image; When the authentication request is generated, a QR code generation request signal in which QR code generation information including the user identification information is recorded by QR code authentication selected by the authentication method selection information for an arbitrary service is transmitted to receive a QR code The QR code image received in response to the If the QR code authentication result received after transmission to the data terminal is successful, a legacy authentication server that approves the provision of the service, and QR code information is generated when the QR code generation request signal is received, After generating a QR code image for the QR code information and providing the QR code image to the legacy authentication server, the QR code information received from the mobile authentication terminal is generated for the QR code image and stored in the QR code generation DB. A QR authentication server that performs authentication in accordance with whether or not the QR code information matches the QR code information and notifies the legacy authentication server of the QR code authentication result. QR code generation DB for storing QR code information, user information of the user, portable authentication terminal identification information of the user, and password A QR storage unit including a QR authentication service subscriber DB that stores authentication service subscription information including the legacy authentication after receiving the QR code generation request signal, generating QR code information, and storing the QR code information in the QR code generation DB The QR code information provided to the server and received from the mobile authentication terminal is authenticated by comparing with the QR code information stored in the QR code generation DB, and the QR code authentication result is notified to the legacy authentication server. A QR control unit configured to refer to the authentication service subscription information of the QR authentication service subscriber DB upon reception of an inquiry as to whether or not the QR code authentication service can be subscribed by the QR code authentication request from the legacy authentication server. To determine whether to subscribe to the service and provide it to the legacy authentication server. When receiving a service subscription request signal including authentication service subscription information, a QR code authentication service registration unit that stores and registers the authentication service subscription information in the QR authentication service subscriber DB, and receives the QR code generation request signal A QR code generating unit that collects QR code information, generates a QR code image for the QR code information, stores the QR code image in the QR code generation DB, and provides the QR code generation DB to a legacy authentication server; and received from the mobile authentication terminal A QR authentication unit that generates QR code information for the QR code image and compares the QR code information with the QR code information stored in the QR code generation DB, and authenticates the QR code authentication result to the legacy authentication server and the mobile phone. And an authentication result notifying unit for notifying the authentication terminal.

  The mobile authentication terminal includes a terminal communication unit that performs data communication with the QR authentication server via a wired and wireless data communication network, a scan unit that scans and outputs a QR code image displayed on the computer terminal, A display unit that displays QR code information; and a terminal control unit that scans the scan unit to detect the QR code information from the QR code image, displays the QR code information on the display unit, and transmits the QR code information.

  The QR authentication server encrypts the QR code information with a security key, generates a QR code image corresponding to the encrypted QR code information, and provides the QR code image to the legacy authentication server. A QR code information acquisition unit that detects a QR code image through a scanning unit, analyzes the QR code image to acquire encrypted QR code information, and the acquisition by inputting a password corresponding to the security key by the user And a password authentication processing unit including a decryption unit for decrypting the encrypted QR code information.

  The terminal control unit checks the integrity of the QR code based on the hash value included in the decrypted QR code information, and transmits the QR code information to the QR authentication server when the integrity verification is passed. And a QR code consistency checking unit.

  The terminal control unit checks whether or not financial transaction information is included in the decrypted QR code information, detects if there is the financial transaction information, and displays a transaction information detection unit on a display unit; After the financial transaction information is displayed by the transaction information detection unit, a message for inquiring whether or not the user can approve is displayed. And a user approval confirmation unit for transmitting to the QR authentication server.

  When transmitting QR code information to the QR authentication server, the user approval confirmation unit re-encrypts with a password and transmits the QR code information.

  The legacy authentication server includes a legacy authentication information DB that stores legacy authentication information for each user identification information and a session identification information DB that stores authentication service information including session identification information for each user identification information; And an authentication type determination unit that determines an authentication request method based on the authentication method selection information with respect to the authentication request, and in the determination of the authentication type, if the authentication request method is legacy authentication, refer to the legacy authentication information DB If the authentication request method is QR code authentication in the determination of the authentication type and the legacy authentication unit that performs legacy authentication, the user of the user identification information is a QR code authentication service subscriber via the QR authentication server. A QR code authentication service subscribing unit that determines whether or not If the user is a user authentication service subscriber, a QR code generation request signal including the user identification information is transmitted to request QR code issuance, and a QR code image received in response thereto is transmitted to the computer terminal. A legacy control unit that receives a QR code authentication result from the QR code image transmission from the QR authentication server and approves the provision of the service if the QR code authentication result is successful. It is characterized by that.

  The legacy control unit, when receiving the QR code authentication result, includes the session identification information among the user identification information and the session identification information included in the QR code authentication result, and session identification information for the user identification information. A session authentication unit that performs session authentication according to whether or not the session identification information registered in the DB matches, and determines the approval when the session authentication is successful. To do.

  If the authentication service type of the authentication request is one of account transfer, goods purchase settlement, and securities transaction, the legacy control unit includes the financial information among the user identification information and financial transaction information included in the authentication result. A transaction information authenticating unit for authenticating financial transaction information in accordance with whether or not the transaction information and the financial transaction information stored in the session identification information DB match the user identification information. When the financial transaction information authentication is successful, the approval is determined.

  The QR code generation unit collects QR code generation information including a service server site name, authentication service type, financial transaction information, user identification information, and session identification information from the QR code generation request signal. A QR code information generating unit that generates QR code information including a QR code generation information and a QR code issuance time stamp, QR identification information, and a hash value, and corresponds to the generated QR code information And a QR code image generation unit that transmits the QR code image to the legacy authentication server after generating the QR code image.

  The QR code generation unit includes a QR code encryption unit that encrypts the generated QR code information with a password registered in the QR authentication service subscriber DB with respect to the user identification information of the QR code generation information. In addition, the QR code image generation unit may generate a QR code image for the encrypted QR code information.

  The QR control unit is mapped to the terminal identification information of the portable authentication terminal received from the portable authentication terminal and the user identification information of the user of the portable authentication terminal when receiving the QR code information received from the portable authentication terminal; It further includes a terminal authentication unit that performs authentication according to whether or not the terminal identification information stored in the QR authentication service subscriber DB matches.

  The authentication method using the QR code according to the present invention for achieving the above object is such that the computer terminal selects at least user identification information and at least QR code authentication for the legacy authentication server while using any service of the service server. Request for authentication by transmitting a QR code authentication request signal including authentication method selection information to be transmitted, and a QR code authentication request including authentication method selection information in which the legacy authentication server has selected QR code authentication from the computer terminal A QR code generation request process for transmitting a QR code generation request signal including QR code generation information including the user identification information to the QR authentication server to request generation of a QR code when an authentication request is generated by receiving a signal; and QR authentication When the server receives a QR code generation request signal from the legacy authentication server, the authentication request QR code information is collected, a QR code image for the collected QR code information is generated and provided to the legacy authentication server, and the legacy authentication server transmits the QR code image to the computer terminal. A QR code providing process, a QR code displaying process in which the computer terminal receives and displays the QR code image, and a mobile authentication terminal scanning the QR code image displayed on the computer terminal and being included in the QR code A QR code scanning process to be transmitted to the QR authentication server after acquiring the QR code information, QR code information received from the mobile authentication terminal by the QR authentication server, and a QR generated for the user identification information QR code authentication by comparing with code information A QR code authentication process for transmitting the result to the legacy authentication server; and a service approval process for final approval for the service if the QR code authentication result received by the legacy authentication server from the QR authentication server is successful. The QR code authentication process is pre-registered in the QR authentication service subscriber DB corresponding to the terminal identification information included in the signal including the QR code information from the mobile authentication terminal and the user identification information. Terminal authentication step for authenticating the terminal according to whether or not the terminal identification information matches, and when the terminal authentication is successful, the QR code information and the user identification information QR code authentication that performs QR code authentication according to whether or not it matches with registered QR code information And a QR code authentication notifying step of transmitting the QR code authentication result to the legacy authentication server.

  In the authentication request process, the authentication method selection information includes authentication selection information for selecting at least one legacy authentication and QR code authentication, and the QR code generation request process includes a legacy code included in the authentication selection information. A legacy authentication step for performing legacy authentication based on authentication selection information, and when the legacy authentication is successful, a QR code generation request signal including QR code generation information including the user identification information is transmitted to a QR authentication server to generate a QR code. And a QR code generation requesting step for requesting.

  The QR code image generation process includes a QR code generation information collection step of extracting QR code generation information from the QR code generation request signal upon reception of a QR code generation request signal from the legacy authentication server, and the collected QR code A QR code information generation step for generating QR code information including information on code generation information and a QR code to be generated, and a QR code image corresponding to the generated QR code information are generated and then provided to the legacy authentication server And a QR code image generation step.

  In the QR code image generation process, when QR code information is collected in the QR code generation information collecting step, the password of the user registered in the QR authentication service subscriber DB is applied to the QR code information as a security key. The QR code information further includes an encryption step, and the QR code image generation step generates a QR code image for the encrypted QR code information.

  In the QR code scanning process, the mobile authentication terminal scans a QR code image displayed on a computer terminal, and the QR code information extraction step extracts the QR code information by analyzing the scanned QR code image. And a QR code transmission step of transmitting the extracted QR code information to a QR authentication server.

  In the QR code image generation process, the QR authentication server encrypts and transmits QR code information as a security key to a user of the user identification information, and the QR code scanning process includes the QR code scanning process. And further comprising a decrypting step of requesting the user to input a password corresponding to the security key after extracting the QR code information, and decrypting the encrypted QR code information with the password after being input. It is characterized by.

  The QR code scanning process further includes a consistency check step of checking the consistency with a hash value included in the QR code information, and the QR code is transmitted only when the consistency check is passed in the QR code transmission step. Information is transmitted to a QR authentication server.

  When the legacy authentication server receives the QR code authentication result received from the QR authentication server, the service approval process is included in the session identification information included in the QR code authentication result and the QR code authentication result. A session authentication step for performing session authentication in accordance with whether or not the session identification information stored in the session identification information DB corresponds to the user identification information being stored, and if the session authentication is successful, And a service approval step for final approval.

  If the authentication service type of the authentication request is a financial transaction, the service approval process is mapped to the financial transaction information included in the QR code authentication result and the session identification information, and stored in the session identification information DB. A transaction information authentication step for performing transaction information authentication according to whether or not the stored financial transaction information matches and performing the service approval step when the transaction information authentication is successful. Features.

  In the present invention, QR code information to be converted into a QR code is encrypted with a security key, so that the QR code can be double protected, and even if the QR code is leaked, the information included in the QR code This has the effect of preventing the exposure.

  Further, the present invention includes authentication content information such as account transfer history information in the QR code, and when the user scans the QR code with a smart device, a security key (password) for decrypting the QR code is input, It has the effect of allowing the user to recognize memory hacking that may occur in the intermediate process by checking the authentication content information that was finally applied and verifying the hash value to determine whether it is forgery or alteration. .

  In addition, the present invention has an effect that double security can be maintained by performing user device authentication using unique terminal identification information of a mobile authentication terminal such as a smart device.

  Further, the present invention has an effect that security can be maintained twice by performing authentication using session identification information (Session ID).

It is a figure which shows the structure of the authentication system using QR code which concerns on this invention. It is a figure which shows the structure of the portable authentication terminal of the authentication system which concerns on this invention. It is a figure which shows the structure of the legacy authentication server of the authentication system which concerns on this invention. It is a figure which shows the structure of the QR authentication server of the authentication system which concerns on this invention. It is a flowchart which shows the authentication method using QR code in the authentication system which concerns on 1st Example of this invention. It is a flowchart which shows the authentication method using QR code in the authentication system which concerns on 2nd Example of this invention. It is a flowchart which shows the registration method of the user password and portable authentication terminal identification information of the authentication method using QR code in the authentication system which concerns on the Example of this invention.

  Hereinafter, the configuration and operation of an authentication system using the QR code of the present invention will be described with reference to the accompanying drawings, and an authentication method in the system will be described. However, the present invention is not limited thereto.

  FIG. 1 is a diagram showing a configuration of an authentication system using a QR code according to the present invention.

  The authentication system using the QR code according to the present invention includes a user terminal unit 100 and an authentication server unit 300.

  The user terminal unit 100, the service server 200, and the authentication server unit 300 are connected via a wired and wireless data communication network 150 to perform data communication in a wired and wireless manner.

  The wired and wireless data communication network 150 includes an Internet network including a wireless LAN (WiFi (registered trademark)) network, a third generation (3G) mobile communication network, and a fourth generation (Long Term Evolution: LTE) mobile communication. A network composed of at least one of the networks.

  The user terminal unit 100 includes a computer terminal 110 and a mobile authentication terminal 120.

  The computer terminal 110 includes a personal computer (PC), a notebook computer, a tablet PC, a smart pad, a smartphone, and the like. In order to perform authentication for connecting to the service server 200 and receiving an arbitrary service according to the present invention. The QR code image is displayed on the screen, and when the authentication by the QR code image is successful, a screen by the service is provided.

  The mobile authentication terminal 120 is a device including a scanning unit that can scan a QR code image displayed on the computer terminal 110, and includes smart devices such as a smart pad and a smartphone having unique terminal identification information. The terminal identification information is at least one of a telephone number, international mobile equipment identification information (International Mobile Identification: IMEI), an electronic serial number (ESN), and the like. The mobile authentication terminal 120 scans a QR code image displayed on the computer terminal 110 according to the present invention, acquires QR code information included in the QR code image, displays the information, and shows the user to the authentication. Provide to the server 300.

  The service server 200 includes an information providing server that provides arbitrary information, a financial server that provides net banking services such as account transfer, and an electronic commerce server that purchases goods and performs settlement for the goods. Authentication is performed via the authentication server unit 300 for payment and the like. Hereinafter, a service that requires authentication such as login, account transfer, and settlement is referred to as an “authentication service”.

  The authentication server unit 300 authenticates the user of the user terminal unit 100 when an authentication request for the authentication service from the service server 200 is generated. The authentication server unit 300 performs at least one of login authentication for performing user ID and password (Password) based authentication, electronic certificate based electronic certificate authentication, and one-time password (OTP) based OTP authentication. The legacy authentication server 400 to perform, the QR code information according to the present invention is generated, the QR code image including the QR code information is generated and issued, and the QR code information for the issued QR code image is transmitted to the mobile authentication terminal 120 A QR (Quick Response) (code) authentication server 500 that performs authentication by comparing the issued QR code information with the received QR code information. The QR code information includes a message including contents for authentication, encryption method information such as Base64 and AES256, site information of the service server 200, authentication service type (Type) information, transaction information, user identification information (UserID), It includes session identification information (Session ID), a time stamp, and a hash value. The authentication service type information is information such as whether the authentication service that generated the authentication is login or financial transaction such as account transfer, settlement, and securities transaction. Information on the financial transaction (hereinafter referred to as “financial transaction information”) includes transfer bank information, account information (transmission / reception), transfer amount information, transfer sender / transmission when the service type is account transfer. A plurality of pieces of information can be included in the receiver information, and when the service type is payment, a plurality of pieces of information can be included among card company information, card number, payment amount information, and the like. In order to prevent memory hacking, the financial transaction information preferably includes transfer bank information, account information, and transfer amount information when the type of authentication service is account transfer. It is desirable to include monetary information.

  FIG. 2 is a diagram showing the configuration of the mobile authentication terminal of the authentication system according to the present invention. Hereinafter, the configuration of the mobile authentication terminal will be described with reference to FIG.

  The mobile authentication terminal 120 includes a terminal control unit 10, a terminal storage unit 20, an input unit 30, a display unit 40, a terminal communication unit 50, and a scanning unit 60.

  The terminal storage unit 20 includes a program area for storing a control program for controlling the operation of the mobile authentication terminal 120 according to the present invention, a temporary area for temporarily storing data generated during the execution of the program, and the present invention. A user data area for storing scanned QR code images and QR code information, and authentication history information such as financial transaction information according to the second embodiment.

  The input unit 30 includes buttons for function selection, volume adjustment, power / screen on / off, etc., a button input unit for outputting a button signal for the pressed button to the terminal control unit 10, a plurality of character inputs and Coordinate data for a position touched by a key input unit having a number of keys for selecting a function and outputting a key signal for the pressed key to the terminal control unit 10 and being integrally formed on the screen of the display unit 40 And at least one touch pad output to the terminal control unit 10.

  The display unit 40 displays the operating state of the mobile authentication terminal 120, displays the QR code scan interface unit according to the present invention, and displays one or more of the QR code image and the QR code information scanned by the scan interface unit. To do.

  The terminal communication unit 50 is connected to the wired and wireless data communication network 150 wirelessly and connected to the wired and wireless data communication network 150, the legacy authentication server 400 and the QR authentication server 500 of the authentication server unit 300, and the data Communicate.

  The scanning unit 60 includes a camera and outputs an image obtained by photographing the screen of the computer terminal 110 according to the present invention to the terminal control unit 10.

  The terminal control unit 10 includes a QR code information acquisition unit 11, a password authentication processing unit 12, and a QR code consistency check unit 15 according to the first embodiment of the present invention, and the transaction information detection unit 16 and the user according to the second embodiment. An approval confirmation unit 17 is further included to control general operations according to the first and second embodiments of the present invention.

  More specifically, the QR code information acquisition unit 11 controls the scanning unit 60 to acquire a QR code image from the video input from the scanning unit 60, and analyzes the QR code image to acquire QR code information. To do. The QR code information at this time may be encrypted with a security key.

  When the QR code information is encrypted with a security key, the password authentication processing unit 12 decrypts the QR code information encrypted with the security key. A password acquisition unit 13 that acquires and outputs a password corresponding to the key, and a decryption unit 14 that decrypts QR code information with the acquired password are included.

  The QR code consistency checking unit 15 receives the QR code information decoded from the decoding unit 14, performs a consistency check using a hash value included in the QR code information, and succeeds in verifying the consistency. After the message included in the QR code information is displayed on the display unit 40, the message is transmitted to the QR authentication server 500 of the authentication server unit 300 via the terminal communication unit 50.

  In the second embodiment of the present invention, when the form of the authentication service directly deals with personal goods such as account transfer and settlement, the user can change the transaction contents through the portable authentication terminal in order to prevent memory hacking. In order to make it possible to confirm whether there is a change and to allow the mobile authentication terminal to transmit QR code information to the QR authentication server 500 only when there is user approval, the transaction information detection unit 16 and the user approval confirmation unit 17 is further included.

  The transaction information detection unit 16 detects the financial transaction information and displays it on the display unit 40 when the decrypted QR code information includes financial transaction information. The financial transaction information may include bank information, card company information, account information, card number, transfer amount information, settlement amount information, transfer amount recipient information, delivery address, etc., depending on the type of authentication service. .

  After the transaction information detection unit 16 displays the financial transaction information, the user approval confirmation unit 17 displays a message for inquiring the final approval for the displayed financial transaction information on the display unit 40, and selects the approval for it. The QR code information is transmitted to the QR authentication server 500. On the other hand, when the user rejects the approval, the user approval confirmation unit 17 can be configured to terminate the operation or to transmit an approval rejection signal to the QR authentication server 500.

  FIG. 3 is a diagram showing the configuration of the legacy authentication server of the authentication system according to the present invention. Hereinafter, the configuration of the legacy authentication server will be described with reference to FIG.

  The legacy authentication server 400 includes a legacy control unit 410, a legacy storage unit 420, and a legacy communication unit 430.

  The legacy storage unit 420 includes a legacy authentication information DB 421 storing at least one of ID / Password-based login information, electronic certificate-based electronic authentication information, and OTP-based OTP authentication information, and a session being authenticated. Session identification information (Session ID) for connection and session identification information DB 422 that maps to the session identification information and stores authentication service information including user identification information, financial transaction information, and the like.

  The legacy communication unit 430 is connected to the wired and wireless data communication network 150 and performs data communication with the computer terminal 110 and the QR authentication server 500 connected to the wired and wireless data communication network 150.

  The legacy control unit 410 includes an authentication type determination unit 411, a legacy authentication unit 412, a QR code authentication service subscription unit 413, a QR code issue request unit 414, a session authentication unit 415, and a transaction information authentication unit 416. To control the overall operation of.

  More specifically, the authentication type determination unit 411 is configured such that when a user issues an authentication request from the computer terminal 110 to an arbitrary service via the service server 200, the authentication service requested to receive the service is received. And at least one of the legacy authentication unit 412 and the QR code authentication service subscription unit 413 is activated according to the determination result. The user can request only QR code authentication according to the present invention through the computer terminal 110, or can request both legacy authentication and QR code authentication at the same time. The legacy authentication means conventionally known authentication such as the above-described login authentication, electronic certificate authentication, and OTP authentication.

  The legacy authentication unit 412 compares the authentication information activated by the authentication type determination unit 411 and received from the computer terminal 110 via the legacy communication unit 430 with the authentication information stored in the legacy authentication information DB 421. Authenticate.

  The QR code authentication service subscription unit 413 is a service subscriber by inquiring whether the user who has been activated by the authentication type determination unit 411 and requested the QR code authentication from the QR authentication server 500 is a QR authentication service subscriber. Judge whether or not. If the result of the determination is that the subscriber is not a service subscriber, the QR code authentication service subscription unit 413 provides a message to the computer terminal 110 via the legacy communication unit 430 asking whether or not the QR code authentication service is subscribed. Is requested, QR code authentication service subscription (registration) means is provided to collect QR code authentication service subscription information, which is transmitted to the QR authentication server 500 to request service registration. As a result of the determination, if the user is a service subscriber, the QR code authentication service subscription unit 413 activates the QR code issue request unit 414. The QR code authentication service subscription information includes a password used as a security key for encryption of the user's QR code information and terminal identification information of the user's mobile authentication terminal 120.

  The QR code issue request unit 414 generates a QR code issue request signal including authentication service information for an authentication service performed via the service server 200 and transmits the QR code issue request signal to the QR authentication server 500. The authentication service information includes an authentication service type (Type), service server site information, financial transaction information, user identification information, session identification information, and the like. The QR code issue request unit 414 transmits the received QR code image to the computer terminal 110 after the QR code issue request.

  When receiving the QR code authentication result from the QR authentication server 500, the session authentication unit 415 stores the session identification information included in the QR code authentication result and the session identification information DB 422 for the QR code authentication. Session authentication is performed in accordance with whether or not the session identification information matches. If the session authentication is successful, final approval for the authentication request is determined and notified to the service server 200. However, when the session authentication fails, the session authentication unit 415 transmits the failure of the session authentication to the service server 200 and the QR authentication server 500.

  According to the second embodiment of the present invention, the session authentication unit 415 activates the transaction information authentication unit 416 when the session authentication is successful.

  The activated transaction information authentication unit 416 loads the financial transaction information corresponding to the session identification information included in the QR authentication result from the session identification information DB 422, and the financial transaction information included in the QR authentication result Compare and check whether they match. If they match, the transaction information authentication unit 416 determines final approval for the authentication request and notifies the service server 200 and the QR authentication server 500.

  FIG. 4 is a diagram showing the configuration of the QR authentication server of the authentication system according to the present invention.

  Referring to FIG. 4, the QR authentication server 500 of the present invention includes a QR control unit 510, a QR storage unit 520, and a QR communication unit 530.

  The QR storage unit 520 includes a QR authentication service subscriber DB 521 that stores QR code authentication service subscriber information, and a QR code generation DB 522 that stores QR code information and a generated QR code image for each authentication request. The authentication service subscription information includes terminal identification information of a user's mobile authentication terminal and a password used as a security key.

  The QR communication unit 530 is connected to the wired and wireless data communication network 150 and performs data communication with the legacy authentication server 400 and the mobile authentication terminal 120 connected to the wired and wireless data communication network 150.

  The QR control unit 510 includes a QR code authentication service registration unit 511, a QR code generation unit 512, a terminal authentication unit 517, a QR authentication unit 518, and an authentication result notification unit 519, and controls the overall operation of the QR authentication server 500. .

  Specifically, the QR code authentication service registration unit 511 searches the QR authentication service subscriber DB 521 for permission to subscribe when an inquiry about whether or not to subscribe to a QR code authentication service for an arbitrary user from the legacy authentication server 400, The result is notified to the legacy authentication server 400, and when QR code authentication service subscription information is received from the legacy authentication server 400, it is stored in the QR authentication service subscriber DB 521 and registered as a service subscriber.

  The QR code generation unit 512 includes a QR code generation information collection unit 513, a QR code information generation unit 514, a QR code encryption unit 515, and a QR code image generation unit 516. The QR code generation unit 512 generates a QR code, that is, a QR code image. This is provided to the authentication server 400.

  The QR code generation information collection unit 513 collects and outputs authentication service information received from the legacy authentication server 400 via the QR communication unit 530 as QR code generation information.

  The QR code information generation unit 514 generates authentication service information collected through the QR code generation information collection unit 513, generation time information (Time Stamp), QR identification information (QRID), and a hash value. QR code information including QR code related information is generated.

  The QR code encryption unit 515 applies the user password registered in the QR authentication service subscriber DB 521 as a security key and encrypts and outputs the QR code information.

  The QR code image generation unit 516 receives the encrypted QR code information input from the QR code encryption unit 515 or the unencrypted QR code information input from the QR code information generation unit 514, and generates a QR code image. And provided to the legacy authentication server 400. The QR code image for the encrypted QR code information is different from the QR code image for the unencrypted QR code information.

  Upon receiving a QR code authentication request signal including QR code information and terminal identification information from the mobile authentication terminal 120, the terminal authentication unit 517 receives the terminal identification information included in the QR code authentication request signal and the user identification of the QR code information. The terminal identification information stored in the QR authentication service subscriber information of the user corresponding to the information is compared with the stored terminal identification information to check whether or not they match, thereby authenticating the terminal.

  The QR authentication unit 518 can be configured to be executed when the terminal authentication unit 517 succeeds in authenticating the terminal, or can be configured to be executed individually. The QR authentication unit 518 performs QR authentication by determining whether the information of the QR code information issued by the QR authentication unit 518 matches the information of the received QR code information.

  The authentication result notification unit 519 notifies the legacy authentication server 400 and the portable authentication terminal 120 of successful authentication when the QR authentication unit 518 succeeds in authentication.

  FIG. 5 is a flowchart showing an authentication method using a QR code in the authentication system according to the first embodiment of the present invention, and FIG. 7 is an authentication method using a QR code in the authentication system according to the embodiment of the present invention. It is a flowchart which shows the user password of this, and the identification information registration method of a portable authentication terminal. Hereinafter, a description will be given with reference to FIGS. 5 and 7.

  First, the computer terminal 110 requests authentication for receiving an arbitrary service via the service server 200 (step S511).

  When an authentication request is generated, the legacy authentication server 400 stores session identification information for a session connection with the computer terminal 110 and authentication service information for the service server 200, and the generated authentication request is a single QR code authentication. It is determined whether the request is a double authentication request that requests both legacy authentication and QR code authentication (steps S513 and S518).

  If the authentication is double authentication, the legacy authentication server 400 performs legacy authentication (step S515), determines whether the legacy authentication is successful (step S516), and when successful, inquires whether the QR code authentication service can be subscribed. A signal is transmitted to the QR authentication server 500 (step S519), or when only QR code authentication is selected, an inquiry signal as to whether or not to subscribe to the QR code authentication service is immediately transmitted to the QR authentication server 500 without performing legacy authentication. In the above description, the case where at least one of QR code authentication and legacy authentication is selectively performed has been described. However, it is needless to say that the present invention can be configured to perform only QR code authentication. When the legacy authentication fails, the legacy authentication server 400 notifies the computer terminal 110 of the authentication failure (step S517).

  When the QR authentication server 500 receives an inquiry about whether or not the QR code authentication service can be subscribed from the legacy authentication server 400, the QR authentication server 500 checks whether a user corresponding to the user identification information included in the inquiry is registered in the QR authentication service subscriber DB 521. It is checked to determine whether or not the service is subscribed, and QR code authentication service subscription availability information including the determination result information is provided to the legacy authentication server 400 (step S521).

  The legacy authentication server 400 that has received the QR code authentication service subscription availability information in FIG. 7 determines whether the subscriber is a QR code authentication service subscriber based on the QR code authentication service subscription availability information (step S711).

  As a result of the determination, if the subscriber is a QR code authentication service subscriber, the legacy authentication server 400 includes authentication service information including information such as user identification information, session identification information, authentication service type, transaction content, and generates a QR code. A QR code request signal requesting to be transmitted is transmitted to the QR code server 500 (step S523).

  On the other hand, if the subscriber is not a QR code authentication service subscriber, the legacy authentication server 400 transmits a QR code authentication service subscription request signal including QR code authentication service subscription information input means to the computer terminal 110 (step S713).

The computer terminal 110 displays the authentication service subscription information input means (step S715) and checks whether a subscription request command is generated (step S717).
When the subscription request command is generated, the computer terminal 110 transmits a service subscription request signal including service subscription information input through the authentication service subscription information input means to the legacy authentication server 400 (step S719).

The legacy authentication server 400 that has received the service subscription request signal transmits a service subscription request signal including service subscription information to the QR authentication server 500 (step S721).
Upon receiving the service subscription request signal from the legacy authentication server 400, the QR authentication server 500 stores the service subscription information included in the service subscription request signal in the QR authentication service subscriber DB 521 and performs the service subscription process (step) S723).

  The QR authentication server 500 that has received the QR code generation request signal generates QR code information, generates a QR code image for the QR code information, and provides it to the legacy authentication server 400 (step S525). At this time, the QR code information can be converted into a QR code image after being encrypted with a security key corresponding to a password set by the user. In order to improve security, it is desirable that QR code information is encrypted and then converted to a QR code image.

  The legacy authentication server 400 that has received the QR code image transmits the QR code image to the computer terminal 110 (step S527).

  Then, the computer terminal 110 that has received the QR code image displays the QR code image on the screen (step S529).

  When the QR code image is displayed on the computer terminal 110, the user scans the QR code image on the screen with the mobile authentication terminal 110. Therefore, when the user drives the QR code scanning application of the mobile authentication terminal 120, it is inspected whether the QR code is scanned (step S531).

  When the QR code image is scanned by the scanning unit 60, the terminal control unit 10 of the mobile authentication terminal 120 extracts QR code information from the QR code image (step S532).

  When the QR code is extracted, the terminal control unit 10 performs a QR code consistency check (step S541), displays the QR code information on the display unit 40 (step S543), and then includes the QR code information. A code authentication request signal is transmitted to the QR authentication server 500 (step S545). If the verification of the consistency fails, the process may be terminated as it is, or the QR authentication server 500 may be notified of the consistency verification failure (not shown).

  However, if the QR code information is encrypted with a security key, the mobile authentication terminal 110 requests that the password corresponding to the security key be input via the display unit 40 (step S533). It is inspected whether it is input (step S535).

  When the password is input, the mobile authentication terminal 110 decrypts the encrypted QR code information with the input password (step S537), and then checks whether the decryption is successful (step S539).

  If the decryption is successful, the mobile authentication terminal 110 performs the above-described QR code consistency check.

  Upon receiving the QR code authentication request signal, the QR authentication server 500 detects the terminal identification information included in the QR code authentication request signal, and the detected terminal identification information and the terminal registered in the QR authentication service subscriber DB 521 The terminal is authenticated by comparing with the identification information (step S547).

  After authenticating the terminal, the QR authentication server 500 records the terminal authentication result and history (step S548).

  After recording the authentication result, the QR authentication server 500 determines whether the terminal has been successfully authenticated (step S549).

  In the determination as to whether or not the terminal authentication is successful, if it is determined that the authentication is successful, the QR authentication server 500 performs QR authentication (step S552). The mobile authentication terminal 120 is notified of terminal authentication failure (step S550). At this time, the legacy authentication server 400 that has received the terminal authentication failure notification notifies the computer terminal 110 of the terminal authentication failure (step S551).

  After the QR authentication, the QR authentication server 500 stores the QR authentication result and the history (step S553), and then notifies the legacy authentication server 400 of the authentication result including the QR identification information (QR ID) and the session identification information (Session ID). (Step S554). If the QR authentication fails, the QR authentication server 500 can be configured to notify the mobile authentication terminal 120 of the authentication failure (step S555).

When the legacy authentication server 400 receives the authentication result from the QR authentication server 500, the legacy authentication server 400 analyzes the authentication result and determines whether the QR authentication is successful (step S556).
If the QR authentication fails, the legacy authentication server 400 notifies the computer terminal 110 of the authentication failure (step S557).

  On the other hand, if the authentication is successful, the legacy authentication server 400 compares the session identification information included in the authentication result with the session identification information corresponding to the QR identification information from the session identification information DB 422 and performs session authentication. (Step S558).

  After performing the session authentication, the legacy authentication server 400 determines whether the session authentication is successful (step S559). If the session authentication fails, the legacy authentication server 400 authenticates to the computer terminal 110. A failure is notified (step S561). At this time, the legacy authentication server 400 can be configured to notify the QR authentication server 500 of an authentication failure (step S561). The QR authentication server 500 can be configured to record a session authentication failure history when notifying the session authentication failure (step S562) and to notify the mobile authentication terminal 120 of the session authentication failure (step S563). .

On the other hand, when the session authentication is successful, the QR authentication server 500 makes a final approval for the authentication request (step S511) (step S564). Then, the service server 200 performs the service, login, account transfer, and the like.
After the final approval, the legacy authentication server 400 transmits a final approval notification signal for notifying the final approval to the QR authentication server 500 (step S565).

  The QR authentication server 500 that has received the final approval notification signal transmits an authentication result notification signal to the mobile authentication terminal 120 (step S566).

  The mobile authentication terminal 120 that has received this displays the authentication result information.

  FIG. 6 is a flowchart showing an authentication method using a QR code in the authentication system according to the second embodiment of the present invention. In the following description with reference to FIG. 6, the same steps as those in FIG. 5 are denoted by the same reference numerals, and the description of the same steps as those in FIG. 5 is omitted or briefly described.

  Referring to FIG. 6, the second embodiment is a case where the type of authentication service includes financial transaction information such as account transfer and settlement, and transaction contents by account transfer or the like via the user portable authentication terminal 110. This is to prevent damage to the user due to memory hacking.

  For this purpose, the portable authentication terminal 120 includes the QR code information including financial transaction information corresponding to the type of authentication service, and displays the QR code information after the QR code consistency check using the QR code information (step S541). (Step S543).

  After displaying the QR code information including the financial transaction information, the mobile authentication terminal 120 outputs a message inquiring whether to continue the transaction, and checks whether the user selects approval (step S611).

  When the user approves that the transaction is continued, the mobile authentication terminal 120 transmits a QR code authentication request signal including QR code information to the QR authentication server 500 (step S545). At this time, the QR code information may be re-encrypted with the input password and transmitted.

  Further, when the user rejects the transaction for the financial transaction information, the mobile authentication terminal 120 may be configured to end as it is, or an approval rejection notification signal for notifying that the transaction for the financial transaction information has been rejected is sent to the QR authentication server 500. It can also be configured to transmit to (step S613). In the former case, the QR authentication server 500 notifies the legacy authentication server 400 that the transaction approval has been rejected after a predetermined time, and in the latter case, the legacy authentication server 400 receives the transaction approval upon receipt of the approval rejection notification signal. Notification of rejection (not shown). The legacy authentication server 400 that has received the approval rejection notification signal finally rejects the service for the authentication request 511.

  In addition, in transactions such as account transfer and settlement, changing account information, address, etc. or changing the amount of money may cause great damage to the user. In order to prevent this double, the legacy authentication server 400 performs a session with respect to the QR identification information and financial transaction information and the QR identification information included in the authentication result notification signal when the session authentication is successful (step S559). The financial transaction information registered in the identification information DB 422 is compared to further determine whether they match (step S615).

  If the financial transaction information does not match, the legacy authentication server 400 notifies the computer terminal 110 and the QR authentication server 500 of the authentication failure (step S617), and makes final approval only when the financial transaction information matches. Thus, memory hacking is prevented (step S559). The QR authentication server 500 stores the authentication result and history when authentication fails due to the mismatch of financial transaction information (step S619), and notifies the mobile authentication terminal 120 that the authentication failed due to mismatch of financial transaction information (step S619). S621).

DESCRIPTION OF SYMBOLS 10: Terminal control part 11: QR code information acquisition part 12: Password authentication process part 13: Password acquisition part 14: Decoding part 15: QR code consistency check part 16: Transaction information detection part 17: User approval confirmation part 20: Terminal Storage unit 30: Input unit 40: Display unit 50: Terminal communication unit 60: Scan unit 100: User terminal unit 110: Computer terminal 120: Mobile authentication terminal 200: Service server 300: Authentication server unit 400: Legacy server unit 410: Legacy Control unit 411: Authentication type determination unit 412: Legacy authentication unit 413: QR code authentication service subscription unit 414: QR code issue request unit 415: Session authentication unit 416: Transaction information authentication unit 420: Legacy storage unit 421: Legacy authentication information DB
422: Session identification information DB 430: Legacy communication unit 500: QR authentication server 510: QR control unit 511: QR code authentication service registration unit 512: QR code generation unit 513: QR code generation information collection unit 514: QR code information generation unit 515: QR code encryption unit 516: QR code image generation unit 517: Terminal authentication unit 518: QR authentication unit 519: Authentication result notification unit 520: QR storage unit 521: QR authentication service subscriber DB 522: QR code generation DB
530: QR communication unit

Claims (24)

A computer terminal that makes an authentication request by transmitting a QR code authentication request signal including user identification information for the user and at least authentication method selection information for selecting QR code authentication, and displays a QR code image received in response to the authentication request When,
A mobile authentication terminal that scans the QR code image and transmits QR code information included in the QR code image;
When the authentication request is generated, a QR code generation request signal in which QR code generation information including the user identification information is recorded by QR code authentication selected by the authentication method selection information for an arbitrary service is transmitted to A legacy authentication server that approves the provision of the service if the QR code authentication result is successful after requesting generation and transmitting a QR code image received in response to the computer terminal;
Upon reception of the QR code generation request signal, QR code information is generated, a QR code image for the QR code information is generated and provided to the legacy authentication server, and then QR code information received from the mobile authentication terminal is received. The QR code image generated for the QR code image is compared with the QR code information stored in the QR code generation DB, and authentication is performed according to whether or not they match, and the QR code authentication result is notified to the legacy authentication server. An authentication system using a QR code, comprising: The portable authentication terminal is
A terminal communication unit that performs data communication with the QR authentication server via a wired and wireless data communication network;
A scan unit that scans and outputs a QR code image displayed on the computer terminal;
A display unit for displaying the QR code information;
The QR code according to claim 1, further comprising: a terminal control unit that transmits after detecting the QR code information from the QR code image by scanning with the scanning unit and displaying the QR code information on the display unit. Authentication system. The QR authentication server encrypts the QR code information with a security key, generates a QR code image corresponding to the encrypted QR code information, and provides the QR code information to the legacy authentication server,
The terminal control unit
A QR code information acquisition unit that detects a QR code image by the scanning unit, analyzes the QR code image, and acquires encrypted QR code information;
The QR code according to claim 2, further comprising: a password authentication processing unit including a decryption unit that decrypts the acquired encrypted QR code information by a user inputting a password corresponding to the security key. An authentication system using The terminal control unit
QR code consistency check is performed by checking the consistency of the QR code with the hash value included in the decrypted QR code information, and when the verification of the consistency is passed, the QR code information is transmitted to the QR authentication server. The authentication system using the QR code according to claim 3, further comprising: The terminal control unit
A transaction information detection unit that checks whether financial transaction information is included in the decrypted QR code information, detects the financial transaction information, and displays it on a display unit;
After the financial transaction information is displayed by the transaction information detection unit, a message for inquiring whether the user can approve is displayed, and when approval is selected in response to the approval approval / disapproval, an approval approval / disapproval history is added to the QR code information. The authentication system using the QR code according to claim 3, further comprising a user approval confirmation unit that transmits to the QR authentication server.   6. The authentication system using a QR code according to claim 5, wherein the user approval confirmation unit re-encrypts and transmits the QR code information with the password when transmitting the QR code information to the QR authentication server. The legacy authentication server is:
A legacy storage unit comprising: a legacy authentication information DB for storing legacy authentication information for each user identification information; and a session identification information DB for storing authentication service information including session identification information for each user identification information; and An authentication type determination unit that determines an authentication request method based on the authentication method selection information;
In the determination of the authentication type, if the authentication request method is legacy authentication, a legacy authentication unit that performs legacy authentication with reference to the legacy authentication information DB; and
In the determination of the authentication type, if the authentication request method is QR code authentication, it is determined whether or not the user of the user identification information is a QR code authentication service subscriber via the QR authentication server. A service subscriber;
If the user is a QR code authentication service subscriber, a QR code generation request signal including the user identification information is transmitted to request QR code issuance, and a QR code image received in response thereto is transmitted to the computer terminal. A QR code issuance request unit for transmission, and a QR code authentication result obtained by transmitting the QR code image is received from the QR authentication server, and if the QR code authentication result is successful, the legacy control for authorizing provision of the service The authentication system using the QR code according to claim 1, further comprising: The legacy control unit
At the time of receiving the QR code authentication result, among the user identification information and session identification information included in the QR code authentication result, the session identification information and the user identification information are registered in the session identification information DB. 8. The apparatus according to claim 7, further comprising a session authentication unit that performs session authentication according to whether or not the session identification information matches and determines whether the authentication is successful when the session authentication is successful. Authentication system using QR code. The legacy control unit
When the type of authentication service of the authentication request is one of account transfer, goods purchase settlement and securities transaction, the financial transaction information and the user among the user identification information and financial transaction information included in the authentication result The financial transaction information authentication further includes a transaction information authentication unit that compares the financial transaction information stored in the session identification information DB with the identification information and performs financial transaction information authentication according to whether or not they match 8. The authentication system using a QR code according to claim 7, wherein the approval is determined when the authentication is successful. The QR authentication server
A QR storage unit including a QR code generation DB for storing the generated QR code information;
The QR code generation request signal is received, QR code information is generated and stored in the QR code generation DB, then provided to the legacy authentication server, and received from the mobile authentication terminal, and the QR code The QR control unit according to claim 1, further comprising: a QR control unit that performs authentication by comparing with QR code information stored in a code generation DB and notifies the legacy authentication server of the QR code authentication result. Authentication system using QR code. The QR storage unit
A QR authentication service subscriber DB for storing authentication service subscription information including user information of the user, the mobile authentication terminal identification information of the user and a password;
The QR control unit
When receiving an inquiry about whether or not a QR code authentication service can be subscribed by a QR code authentication request from the legacy authentication server, refer to the authentication service subscription information of the QR authentication service subscriber DB to determine whether or not to subscribe to the service, and to the legacy authentication server A QR code authentication service registration unit for storing and registering the authentication service subscription information in the QR authentication service subscriber DB when receiving a service subscription request signal including authentication service subscription information from the legacy authentication server;
A QR code generator for collecting QR code information upon receipt of the QR code generation request signal, generating a QR code image for the QR code information and storing the QR code information in the QR code generation DB;
A QR authentication unit configured to generate QR code information received from the mobile authentication terminal for the QR code image and perform authentication by comparing with the QR code information stored in the QR code generation DB;
The authentication system using the QR code according to claim 10, further comprising an authentication result notifying unit that notifies the legacy authentication server and the mobile authentication terminal of a QR code authentication result. The QR code generator is
A QR code generation information collecting unit for collecting QR code generation information including a service server site name, authentication service type, financial transaction information, user identification information and session identification information from the QR code generation request signal;
A QR code information generation unit that generates QR code information including the QR code generation information, a time stamp that is a QR code issue time, and QR identification information;
The QR code according to claim 11, further comprising: a QR code image generation unit that generates a QR code image corresponding to the generated QR code information and then transmits the QR code image to the legacy authentication server. Authentication system. The QR code generator is
A QR code encryption unit for encrypting the generated QR code information with a password registered in the QR authentication service subscriber DB with respect to the user identification information of the QR code generation information;
The authentication system using a QR code according to claim 12, wherein the QR code image generation unit generates a QR code image for the encrypted QR code information. The QR control unit
Upon reception of QR code information received from the mobile authentication terminal, the QR authentication service subscriber DB is mapped to the mobile authentication terminal user identification information and the mobile authentication terminal user identification information received from the mobile authentication terminal. The authentication system using the QR code according to claim 1, further comprising a terminal authentication unit that performs authentication according to whether or not the terminal identification information stored in the device matches. An authentication request for requesting authentication by transmitting a QR code authentication request signal including at least user identification information and authentication method selection information for selecting at least QR code authentication to a legacy authentication server while using any service of the service server Process,
A QR code generation request including QR code generation information including the user identification information when an authentication request is generated by reception of a QR code authentication request signal including authentication method selection information in which the legacy authentication server has selected QR code authentication from the computer terminal A QR code generation request process for transmitting a signal to the QR authentication server to request generation of a QR code;
When the QR authentication server receives a QR code generation request signal from the legacy authentication server, it collects QR code information for the authentication request, generates a QR code image for the collected QR code information, and provides the QR code information to the legacy authentication server Code image generation process,
QR code providing process in which the legacy authentication server transmits the QR code image to the computer terminal;
A QR code display process in which a computer terminal receives and displays the QR code image;
A QR code scanning process in which a mobile authentication terminal scans a QR code image displayed on the computer terminal to acquire QR code information included in the QR code and then transmits the QR code information to the QR authentication server;
The QR authentication server performs QR code authentication by comparing the QR code information received from the mobile authentication terminal with the QR code information generated for the user identification information, and sends the result to the legacy authentication server. QR code authentication process to be transmitted;
An authentication method using a QR code, comprising: a service approval process for final approval of the service if the result of QR code authentication received by the legacy authentication server from the QR authentication server is successful. In the authentication request process, the authentication method selection information includes authentication selection information for selecting at least one legacy authentication and QR code authentication,
The QR code generation request process includes:
A legacy authentication step of performing legacy authentication with the legacy authentication selection information included by the authentication selection information;
A QR code generation request step of transmitting a QR code generation request signal including QR code generation information including the user identification information to a QR authentication server and requesting QR code generation when the legacy authentication is successful. An authentication method using the QR code according to claim 15. The QR code image generation process includes:
QR code generation information collecting step for extracting QR code generation information from the QR code generation request signal upon reception of a QR code generation request signal from the legacy authentication server;
QR code information generation step for generating QR code information including information on the collected QR code generation information and the generated QR code;
The QR code according to claim 15, further comprising a QR code image generating step of generating a QR code image corresponding to the generated QR code information and providing the QR code image to the legacy authentication server. Authentication method. The QR code image generation process includes:
When the QR code information is collected in the QR code generation information collecting step, the QR code information is encrypted by applying the password of the user registered in the QR authentication service subscriber DB to the QR code information as a security key. Further comprising an encryption step,
18. The authentication method using a QR code according to claim 17, wherein a QR code image for the encrypted QR code information is generated in the QR code image generation step. The QR code scanning process includes:
A scanning step in which the mobile authentication terminal scans the QR code image displayed on the computer terminal;
A QR code information extracting step of analyzing the scanned QR code image to extract QR code information;
The QR code authentication method according to claim 15, further comprising: a QR code transmission step of transmitting the extracted QR code information to a QR authentication server. In the QR code image generation process, the QR authentication server encrypts and transmits the QR code information as a security key with a password set in advance for the user of the user identification information,
The QR code scanning process includes:
After extracting the QR code information, the user further requests to input a password corresponding to the security key, and further includes a decrypting step of decrypting the encrypted QR code information with the password after being input. The authentication method using the QR code according to claim 19. The QR code scanning process includes:
A consistency check step of performing a consistency check with a hash value included in the QR code information;
20. The authentication method using a QR code according to claim 19, wherein the QR code information is transmitted to a QR authentication server only when the consistency check is passed in the QR code transmission step. The QR code authentication process includes:
The terminal identification information included in the signal including the QR code information from the mobile authentication terminal is compared with the terminal identification information registered in advance in the QR authentication service subscriber DB corresponding to the user identification information. A terminal authentication step for authenticating the terminal according to whether or not to perform,
When the authentication of the terminal is successful, the QR code that performs QR code authentication according to whether or not the QR code information matches the QR code information registered in advance for the user of the user identification information An authentication step;
16. The QR code authentication method according to claim 15, further comprising a QR code authentication notification step of transmitting the QR code authentication result to the legacy authentication server. The service approval process includes:
When the legacy authentication server receives the QR code authentication result received from the QR authentication server, the session identification information included in the QR code authentication result and the user identification information included in the QR code authentication result are included. Correspondingly, a session authentication step for performing session authentication according to whether or not the session identification information stored in the session identification information DB matches,
The authentication method using a QR code according to claim 15, further comprising a service approval step of performing final approval for the service when the session authentication is successful. The service approval process includes:
If the authentication service type of the authentication request is a financial transaction, the financial transaction information mapped in the QR code authentication result and the session identification information and stored in the session identification information DB A transaction information authentication step for performing transaction information authentication according to whether or not the information matches and
The authentication method using a QR code according to claim 23, wherein, when the transaction information authentication is successful, the service approval step is performed.